@wxcafe I'm having a massive deja-vu right now. Wasn't there some other exploit around the UID that was possible in the last year and a half or so?

@spacekookie @wxcafe That bug was that services with an invalid USER= setting (e.g. with a username that started with a digit) still got started, but as root (github.com/systemd/systemd/iss).

This one is a straight bug in polkit. I don't think there is anything that systemd can do, other than to stop using polkit entirely.

@spacekookie @wxcafe I'm pretty sure this bug also means that anything that demands authentication in e.g. KDE or GNOME, flatpak, fwupd,... will be open to users with a UID > INT_MAX.

Because those also use polkit.

@wxcafe mais omg comment ça se fait que personne l'a vu avant ?

@wxcafe well, at least its not a bug directly in systemd this time...

@wxcafe You could say it's a feature: special user INT_MAX, for all your system management, without superuser powers...

Last boost: in which C's automatic int coercions open a security hole.

(Also, lack of failure returns in GObject property setters...)

@wxcafe Vu que c'est Polkit le souci c'est bien davantage qu'exécuter des commandes systemd.

@tcit @wxcafe polkit ça me rappelle les éternels problème quand on utilise pas un DE qui init 2834723649823462938469238 trucs.
le fait que taper "reboot" sous un user non root dise "ok yolo" aussi T_T

@wxcafe @dashie Mouais enfin vu pas grand chose est sécure dès la base…

Sign in to participate in the conversation

This is an open mastodon instance for social justice activists, LGBTQIA+ people, and people who are aware of such subjects and care about them.

See the Goals, rules, and technical details for more information